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Dear Sir/ Madam, 

Re: Response to First Written Opinion for PCX Application No. PCT/SG2004/000255 
Applicant: Nanyang Polytechnic et al 

Title: System and Method for Detection and Location of Rogue 

Wireless Access Users in a Computer Network 
Authorized Officer: Maki Maryanovich 
Ourref: 1138.P040PCT/OCG 



We refer to the above-captioned POT patent application and the First Written Opinion dated 
October 5, 2004. 

In response to the First Written Opinion, we enclose the following: 

1 . Response to Written Opinion (2 pages); 

2. Replacement f)ages 16-19 (marked up pages); and 

3 . Replacement pages 16-19 (clean pages). 

Please feel free to contact the below signed person for any matter related to the present 
application. 



Yours sincerely 

LAWRENCE Y,D HO & ASSOCIATES PTE LTD 
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Application No. PCT/SG2004/000255 
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Response to Written Opinion 

This is a response to the outstanding Written Opinion dated October 5, 2004 for the 
International application No. PCT/SG2004/000255, titled "System And Method For Detection 
And Location Of Rogue Wireless Access Users In A Computer Network". 

There are twelve (12) claims pending m this patent application. Originally filed claims 
1 and 2 have been combined into new claim 1; originally filed claims 9 and 14 combined into 
new claim 8; originally filed claims 3-8 renumbered to 2-7; originally filed claims 10-13 
renumbered to 9-12; originally filed claims 2 and 14 are cancelled. Claims have been 
amended to better represent the claimed invention of the present application. No new matter 
has been added by the amendments. 

Applicant gratefully notes that the originally filed claims 2-7 and 14 satisfy all 
requu-ements of patentability. As discussed above, the patentable subject matters have been 
incorporated into the newly amended claims. With respect to the objected claims, the 
Applicant respectfiiUy submits that the amended claims have overcome all the objections in 
view of citations (a) WO 2003/083601 and (b) US 2003/0045270. . 

In the Written Opinion, the Examiner objects originally filed claims 9 and 13 for lack 
of novelty and inventive step in light of citation (a). Applicant has carefully reviewed citation 
(a) and dissents with the Examiner's objections. However, for the purpose of expediting the 
examination process, the Applicant has combined claims 9 and 14 into new claim 8. Since 
claim 14 is novel and inventive, new claim 8 that incorporates the subject matter of claim 9 
and 14 is now novel and inventive. Accordingly, originally filed claim 13 (now renumbered 
to 12) that depends on new claim 8 is also novel and inventive. 
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The Examiner objects claims 1, 8 and 10-12 for lack of inventive step in view of 
citations (a) and (b). Applicant has carefully reviewed the combination of citations (a) and (b) 
and dissents with Examiner's objections. However, for the same purpose of expediting the 
exammation process, the Applicant has combined claim 1 and 2 into new claim 1 . Since claim 
2 is inventive, new claim 1 that incorporates the subject matter, of claim 1 and 2 is now 
inventive. Accordingly, originally filed claim 8 (now renumbered to 7) that depends on new 
claim 1 is also novel and inventive. Furthermore, originally filed claims 10-12 (now 
renumbered to 9-11) that depends on new claim 8, as discussed above, are also inventive. 

The Examiner has observed that claim 9 lacks clarity in that it includes reference to 
"the algorithm of the present invention" and 'Svithout having the computer network's user 
having to be. . when there is no earlier establishment of these features. This language that is 
unclear has been cancelled. 

Applicant respectfully submits that the pending claims 1-12 are novel and inventive. 
Therefore, a withdrawal of the objections is requested. Applicant respectfully submits that the 
present application is in condition for allowance. 
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Claims 

1 . A method to detect and geographically locate a rogue user wirelessly 
accessing a computer network, the method comprising: 

a. deploying at least one Network Management System program; 

b. pre-identifvinq at least one island in the wireless computer network: 
C; mapping a geographical area covered by the wireless computer 

network into the at least one island; 
e rd. measuring at least one network performance parameter for each 

island to obtain a spatial performance model; . 
dr e. d eriving a performance index for each island based on the at least 

one performance parameter; 
e rf. identifying a potential rogue user based at least on his Media 

Access Control (MAC) address and Internet Protocol (IP) address; 
f: g. m easuring at least one performance parameter of the potential 

rogue user; 

g rh. d eriving at least one perfomriance index for the potential rogue 
user; 

fe ri. d etermining location of the potential rogue user by comparing the 
performance index of the potential rogue user with historical, 
average performance indices of each island pertinent to the current 
time of detection; and 

y. e ffecting at least one network security measure against the rogue 
user. 

Or, A m e thod further to Claim 1, the mapping further comprises pro identifying 

at l e ast one i sland. 

^2. A method further to Claim 1 . the deriving at least one network performance 
index for each island further comprising: 
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a. obtaining the differences between the captured values of the 
performance parameter of rogue user and the performance 
parameter in the spatial performance model; 

b. determining the minimum value for each difference; 

c. normalizing the values for each difference to obtain rank number; 
and 

d. summing the rank numbers for each island to obtain its performance 
index. 

43. A method further to Claim 1 , the deriving at least one network performance 
index for each Island further comprising: 

a. detemnining the minimum values of each performance parameter in 
the spatial performance model; 

b. normalizing the values of each performance parameter in the spatial 
performance model and captured performance parameters of rogue 
user to obtain the rank numbers; 

c. obtaining the differences between the rank numbers of performance 
parameters in spatial performance model and the captured 
performance parameters of rogue user; and 

d. summing the differences for each island to obtain its performance 
index. 

§4. A method further to Claim 1 wherein the deriving of at least one 

performance index further comprising dynamically re-mapping the islands 
previously mapped based on the current performance index of each island 
at time intervals. 



§5. 



A method further to Claim 1 wherein the deriving of the performance index 
of the potential rogue user is substantially similar to the deriving of the 
performance index for each island. 
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76. A method further to Claim 1 . the determining of the geographical location of 
the potential rogue user by comparing further comprising matching the 
performance indices of the at least one island with the performance index of 
the potential rogue user. 

87. A method further to Claimi , the effecting at least one network security 
measure further comprising: 
logging particulars of the rogue user, 
displaying geographically location of the rogue user, 
denying access to the rogue user, and 
prosecuting the rogue user. 

98. A system to detect and geographically locate a rogue user wirelessly 
accessing a computer network, the system comprising: 
a computer network with at least one wireless access pointri 
at least one processorri 
at least a network management systemv; 
at least one storage meansii and 

at least one impl e m e ntation of the algorithm of the present inv e ntion 
wh e rein th e rogu e us e r is ab le to b e g e ographically l ocated without having 
th e comput e r n e twork^s user having to be physically in th e vicinity of the 
roguo usor. 

at least one implementation of an algorithm to aeoaraDhicallv locate the 
rogue user by matching at least one network performance characteristic of 

the rogue user with at least one network performance characteristic of at 
least one pre-mapped island of the network around the at least one wireless 
access point, 

409. A system according to Claim 68, the computer network further comprising 
wireless access points which are connected to the wired computer network. 
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4410. A system further to Claim 98, the at least one network management system 
further comprising at least one storage means further comprising storage of 
network performance parameter values, derived network perfonnance 
characteristics and mapped islands covered by the at least one wireless 
access point. 

42^11. A system further to Claim OS, the at least one storage means further 
comprising storage of network performance parameter values, derived 
network perfonnance characteristics and mapped islands covered by the at 
least one wireless access point 

4ai2. A system further to Claim 98, wherein the at least one storage means may 
be part of the at least one network management system. 

44: — A system further to C l aim 9, tho at l oast ono implomontation of th e 

algorithm of the present invention ablo to goographically locato tho rogue 
usor by matching at l e ast ono network porformanco charaotoriotic of th e 
rogu e user with at l east on e n e twork p e rformance oharaotoristio of at least 
on o pr o mapped island of the network around tho at l oaot ono wiroloss 
acG O DS point . 
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Claims 

1 . A method to detect and geographically locate a rogue user wirelessly 
accessing a computer network, the method comprising: 

a. deploying at least one Network Management System program; 

b. pre-identifying at least one island in the wireless computer network; 

c. mapping a geographical area covered by the wireless computer 
network into the at least one island; 

d. measuring at least one network performance parameter for each 
island to obtain a spatial performance model; . 

e. deriving a performance index for each island based on the at least 
one performance parameter; 

f. identifying a potential rogue user based at least on his Media Access 
Control (MAC) address and Internet Protocol (IP) address; 

g. measuring at least one performance parameter of the potential rogue 
user; 

h. deriving at least one perfomiance index for the potential rogue user; 
1. determining location of the potential rogue user by comparing the 

perfomnance Index of the potential rogue user with historical, 
average performance indices of each island pertinent to the current 
time of detection; and 
j. effecting at least one network security measure against the rogue 
user. 

2. A method further to Claim 1 , the deriving at least one networi^ performance 
index for each island further comprising: 

a. obtaining the differences between the captured values of the 
performance parameter of rogue user and the performance 
parameter in the spatial performance model; 

b. determining the minimum value for each difference; 

c. normalizing the values for each difference to obtain rank number; 
and 
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d. summing the rank numbers for each island to obtain its performance 
index. 

3. A method further to Claim 1 , the deriving at least one network performance 
index for each island further comprising: 

a. determining the minimum values of each performance parameter in 
the spatial performance model; 

b. normalizing the values of each performance parameter in the spatial 
perfomriance model and captured performance parameters of rogue 
user to obtain the rank numbers; 

c. obtaining the differences between the rank numbers of perfomiance 
parameters In spatial performance model and the captured 
perfomiance parameters of rogue user; and 

d. summing the differences for each island to obtain its performance 
index. 

4. A method further to Claim 1 wherein the deriving of at least one 
performance index further comprising dynamically re-mapping the islands 
previously mapped based on the current performance index of each island 
at time intervals. 

5. A method further to Claim 1 wherein the deriving of the performance index 
of the potential rogue user is substantially similar to the deriving of the 
performance index for each island. 

6. A method further to Claim 1 , the determining of the geographical location of 
the potential rogue user by comparing further comprising matching the 
performance indices of the at least one island with the performance index of 
the potential rogue user. 
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7. A method further to Claimi , the effecting at least one network security 
measure further comprising: 

logging particulars of the rogue user, 
displaying geographically location of the rogue user, 
denying access to the rogue user, and 
prosecuting the rogue user. 

8. A system to detect and geographically locate a rogue user wirelessly 
accessing a computer network, the system comprising: 

a computer network with at least one wireless access point; 

at least one processor; 

at least a network management system; 

at least one storage means; and 

at least one implementation of an algorithm to geographically locate the 
rogue user by matching at least one network performance characteristic of 
the rogue user with at least one network performance characteristic of at 
least one pre-mapped island of the network around the at least one wireless 
access point. 

9. A system according to Claim 8, the computer network further comprising 
wireless access points which are connected to the wired computer network. 

10. A system further to Claim 8, the at least one network management system 
further comprising at least one storage means further comprising storage of 
network performance parameter values, derived network performance 
characteristics and mapped islands covered by the at least one wireless 
access point. 

11. A system further to Claim 8, the at least one storage means further 
comprising storage of network perfornniance parameter values, derived 
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network performance characteristics and mapped islands covered by the at 
least one wireless access point. 

A system further to Claim 8, wherein the at least one storage means may 
be part of the at least one network management system. 



